Postage metering systems are well known in the art. A postage metering system applies evidence of postage, commonly referred to as postal indicia, to envelopes or other mailpieces and accounts for the value of the postage dispensed. A typical postage metering system includes a postal security device (PSD) coupled to a host system. The PSD is a secure processor-based accounting device that dispenses and accounts for postage value stored therein. The host system may be a meter-based host processor or a personal computer that includes a printing capability.
PSDs are often manufactured by entities other than the vendor or provider of the postage metering systems in which they are to be utilized. In this case, the PSDs are manufactured in a generic, un-initialized form without the operational data that is required for the PSD and the postage metering system in which it is incorporated to operate. Thus, when delivered to the vendor or provider, the PSDs must be initialized with the required operational data by the vendor's (or some other authorized initializing party's) computerized data processing equipment, referred to as the vendor or provider infrastructure.
Prior to the initialization of a PSD, a trust relationship must be established between the PSD and the initializing infrastructure. Without such a trust relationship, a PSD could be initialized by an imposter infrastructure, or the infrastructure could initialize an imposter PSD. In either case, an attacker could gain the ability to print free postage.
In one prior art method for establishing such a trust relationship and securing the initialization of PSDs, the PSDs are initialized in a physically secure location with access thereto being limited to only certain authorized personnel of the vendor or other initializing entity. In addition, special secure cables are used to connect to the PSDs, and the inventory and movement of the PSDs is strictly controlled and monitored.
An improved prior art method uses not only the physically secure location and other measures described above, but also requires the infrastructure to authenticate itself to each PSD through a transport unlock command. In particular, a secret cryptographic key, known to the infrastructure, is loaded into each PSD during manufacture. During initialization, the infrastructure encrypts the transport unlock command using the secret key and transmits it to the PSD. The PSD then decrypts the received message using its stored secret key and determines whether the decrypted information is a proper transport unlock command. The PSD will not accept any parameterization or key data from the infrastructure unless and until it receives a proper transport unlock command. In this method, the PSD does not authenticate itself to the infrastructure.
Both of the prior art methods and systems described above are susceptible to a substitution attack, where an unauthorized entity is substituted for an authenticated entity after the receipt of the transport unlock command has occurred. Thus, a need exists for a system and method for mutual authentication of PSDs and infrastructure that protects against substitution and other attacks.